Description

RogueKiller is an anti-malware program written in C++ that can detect and remove generic malware and some advanced threats such as rootkits, rogues, worms, …

RogueKiller combines behaviour-based detection (heuristics), classic anti-malware analysis (signature matching) and undocumented hacks. With these it can find and remove most basic malware (rogues, trojans, …) and some advanced threats, such as ZeroAccess or TDSS, that behave more like rootkits.

RogueKiller is maintained by a small team, so new detections are prioritized by the “most spread threats”. We react quickly to integrate detection and removal of anything we think could become a global threat and affect a large number of users across the world.

Here’s a little summary of what RogueKiller is able to do:

Kill malicious processes

Stop malicious services

Unload malicious DLLs from processes

Find/Kill malicious hidden processes

Find and remove malicious autostart entries, including:

Registry keys (RUN/RUNONCE, …)

Task Scheduler (1.0/2.0)

Startup folders

Find and remove registry hijacks, including:

Shell / Load entries

Extension association hijacks

DLL hijacks

Many, many others …

Read / Fix DNS Hijacks

Read / Fix Proxy Hijacks

Read / Fix Hosts Hijacks

Read / Fix malicious Master Boot Record (MBR) or Volume Boot Record (VBR), even hidden with a rootkit

List / Fix SSDT – Shadow SSDT – IRP Hooks (Even with inline hooks)

Find and restore system files patched / hidden by a rootkit

RogueKiller has had a graphical interface since the new version, so it is easy to use. However, interpreting the results and deciding what needs to be fixed can be difficult. This is normal: malware removal is somewhat tricky. We have written documentation to help you, so please read it if needed. If you still have problems, feel free to post the scan log on the forum. The people there know how to interpret it and will guide you through the removal (for free, of course).

Premium version

NEW! RogueKiller now has a Premium version, with some useful features! Check it out now.

Please support us!

RogueKiller is free software, updated about once a week. It requires a constant watch on live malware and continual improvements to crush bugs, handle new malware and add cool new features.

Advertisements on the website are the only reliable way to get our developers paid for all that hard work.
However, you can contribute in a most valuable way by making a small (or generous, depending on your mood) donation with PayPal or Bitcoin. Don’t hesitate to leave a thank-you message with your donation; this matters a lot to the team!

If you don’t wish to donate, you can still express your thankfulness (lucky you! :)) by liking us on social networks (below).

Advice:

The paid version has real-time protection that catches a lot of malware unknown to most antivirus products.

User guide

Disclaimer. RogueKiller can send feedback reports automatically to help the developers fix bugs and improve the software. The content is not sensitive and does not contain personal data, only software-related data. This feedback is used for real-time statistics of in-the-wild threats (see below). If you disagree with this, please do not use this software.

Disclaimer 2. RogueKiller, by design, can produce some false positives. We chose to “sometimes” detect wrong things (marked as suspicious) and be highly effective against malware, rather than never flag legitimate items and miss a lot of malware. That said, you always have the choice to uncheck items before hitting deletion (and to report them to us as false positives!).

RogueKiller is easy to use. Typical usage is as follows:

Launch the program. Wait for the Prescan to finish.

Hit the “Scan” button. Wait for the scan to finish.

Perform a quick visual check of what has been found in the different tabs. Leave unchecked what you want to keep.

Statistics

Thanks to its automated feedback, RogueKiller sends some information in real time about currently spreading threats. This allows us to be prepared and to warn people that a new attack is under way or that a 0-day is being exploited. We can also see which operating systems and languages are most used, and so on.

I wanted you to know that I use your scanner religiously as part of my anti-malware suite, but the last version is killing my Bomgar and LogMeIn processes that I use to connect to customers’ computers as part of my job, and they don’t come back. I can’t scan the customer’s computer remotely because of this. I want to donate to you for your hard work, but is there anything you can do to stop it from killing those legitimate processes? bomgar-scc.exe and LMI.. I’ll have to get a log file so you can see exactly what the process names are that are being unloaded/killed. Thank you!